Problem/Motivation
As part of #3262573: Update our yarn dev dependencies to the extent allowed by current constraints we noticed that some of the production dependencies allow minor updates within the version constraints. This prevents installing patch updates without also installing minor updates.
Proposed resolution
Review version constraints for production yarn dependencies to ensure that within version constrains, only patch level updates can be installed.
Remaining tasks
User interface changes
API changes
Data model changes
Release notes snippet
Forward branches:
Drupal core's yarn dependency constraints for production dependencies. The latest minor versions of all development dependencies are now required by the constraints. Additionally, the constraints have been changed to only allow patch-level updates. This allows yarn upgrades can be done easily and safely when there are security issues with the dependencies, without accidentally making disruptive updates to production dependencies. The constraints will be deliberately increased as necessary for future updates and future Drupal minor versions.
9.3.x:
Drupal core's yarn dependency constraints for production dependencies have been changed to only allow patch-level updates. This allows yarn upgrades can be done easily and safely when there are security issues with the dependencies, without accidentally making disruptive updates to production dependencies. The constraints will be deliberately increased as necessary for future updates and future Drupal minor versions.